[Bug 254637] [PATCH] Read kern.geom.eli.passphrase from UEFI variable for unattended boot without passphrase on disk

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 21 Jul 2021 12:43:52 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254637

--- Comment #1 from ruben_at_verweg.com ---
Tried the patch on VMWare and a Clevo NL5xRU notebook with the geli password as
an efi var.
Besides VMWare UEFI being fickle, it works as intended.

Though this is not UEFI secure boot it is a convenient way for server systems
to have both full disk encryption and unattended reboots. 

I feel it is at the administrator's discretion to determine whether having a
key/passphrase in unprotected nvram is different than on an unprotected boot
partition.

It would address the need of people who installed their zfs systems using a
separate boot pool using preconfigured keys and want to consolidate that into a
single pool so bectl/beadm starts to work for them.

Received on Wed Jul 21 2021 - 12:43:52 UTC
